Back to Learning CenterAccountsSecurityHow textexpander handles your keystrokes keylogging and snippet security

How TextExpander Handles Your Keystrokes, Keylogging, and Snippet Security

Keystrokes and Keylogging

TextExpander never stores or sends your keystrokes anywhere. TextExpander logs up to 30 keystrokes to volatile memory, and up to 300 keystrokes when you have Snippet Suggestions enabled. This small amount of keystroke data in memory enables TextExpander to do its filtering. TextExpander clears the keystroke log when you use a keyboard shortcut or arrow key when you switch applications, and of course, it clears the log when you quit. Using TextExpander does not compromise your privacy.

TextExpander relies on other applications to mark password fields as “secure.” When TextExpander detects a secure input field, it automatically disables keystroke capture. However, if an application doesn’t label its password fields as secure, it is possible that TextExpander will pick up those fields and Suggest new Snippets if Snippet suggestions are enabled. If you prefer not to see the Snippet suggestions, you can disable them in your TextExpander settings. Learn more about Snippet suggestions and how to disable them here.

While TextExpander does track a small number of keystrokes, “tracking” does not mean TextExpander keeps a list of the actual characters you type. Instead, it keeps an encoded record (called a “hash”) of that group of characters, similar to the way a password is securely stored so that no one reading it knows what it is. You might type “yourpetsname” but what TextExpander sees and records is “1739405847385.”

Snippet Security

Anyone who gains access to your computer account will have access to your Snippets, just as they would any other files on your computer. If this concerns you, make sure you have enabled the security features on your computer to prevent unauthorized access.

For things like AWS credentials, social security numbers, and passwords we recommend storing those in an app made for security, such as a password manager.

Data in motion, every connection of every kind made by our apps, uses TLSv1.2 encryption or later, either https or wss.

For TextExpander.com, Snippet data is stored encrypted at rest on the database server’s filesystem.

TextExpander employees and contractors use strong, unique passwords and 2FA or direct public-private key exchange when possible to access third-party services. Only the minimum necessary personnel have access to service administration and the database. By default, our customer support team do not have access to customer data. Such access is only allowed via an explicit user opt-in.

Revision History

  • September 23, 2025: Updated to add information about secure input fields and Snippet suggestions.
  • June 18, 2021: Updated to combine information sites on keystrokes, keylogging, and Snippet security
  • March 23, 2017: Updated to reflect data encryption at rest
  • April 5, 2016: Original Document

Try TextExpander

No credit card required

TextExpander
Learn
Blog
Company

© 2025 TextExpander, Inc. TextExpander is a registered trademark.

Do not sell or share my personal information Notice at collection